PT-2020-11352 · Google · Android Kernel
Published
2020-01-06
·
Updated
2021-07-21
·
CVE-2019-9472
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android kernel
Description
The issue is related to a possible timing attack in the DCRYPTO equals function of compare.c, caused by improperly used crypto. This could lead to local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.
Recommendations
For Android kernel, consider applying a patch that properly implements crypto in the DCRYPTO equals function to prevent timing attacks.
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android Kernel